|
Focus on Microsoft
Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why? Jun 02 2005 07:20PM deadly halo gmail com (2 replies) RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why? Jun 11 2005 12:09PM Rasmus Rønlev (rr it cbs dk) |
|
|
Privacy Statement |
notifications, for example). There is no security on it whatsoever-
any nitwit could
net send * bad message here
resulting in everyone on the subnet getting a "bad message here" popup
You'd be reliant upon a working WINS infrastructure, but would still
have issues if the specific user was not logged in. If a user is
logged into > 1 machine, I believe only the last machine they logged
into will get it (as my WINS console only shows my username registered
once for the [03h] netbios name type.
So, you would be potentially activating another service, thus gaining
whatever potential security vulnerabilites lie within, only to obtain
a fairly unreliable notification method.
Matt
On 2 Jun 2005 19:20:04 -0000, deadly.halo (at) gmail (dot) com [email concealed]
<deadly.halo (at) gmail (dot) com [email concealed]> wrote:
> A fellow network administrator at the company I work for is interested in implementing a system that utilizes the Messenger Service (not to be confused with the MS Messenger chat tool) to initiate Net Send notifications to clients throughout the user community. Our network hosts consist of Windows 2000/XP machines (XP has the service disabled by default, 2000 may as well). I remember that there was a large vulnerability reported at the end of 2003 regarding the Messenger Service. I know that the issue was addressed in subsequent service packs, but this doesn't necessarily mean it's a good idea to use it.
>
> Bottom line; I'm concerned that enabling the Messenger Service throughout the network will open our environment to security vulnerabilities. What are you thoughts? Any know issues at this time? Your input would be greatly appreciated.
>
> Regards,
>
> Brian
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]